Age | Commit message (Expand) | Author |
2010-09-27 | must have either PR_WAITOK or PR_NOWAIT set. | David Gwynne |
2010-09-08 | creating a pfsync interface is always done from process context, so | Bret Lambert |
2010-07-28 | pfsync_bulk_fail was mucking around with pfsync_softc and sending packets | David Gwynne |
2010-07-25 | Add missing braces so a loop will function as intended. | Jonathan Gray |
2010-07-09 | Add support for using IPsec in multiple rdomains. | Reyk Floeter |
2010-07-09 | instead of saying we're using the all the states in the table when | David Gwynne |
2010-07-09 | -#if 1 || defined(PFSYNC_DEBUG) | David Gwynne |
2010-07-09 | the current code doesnt detect when its filled a bulk packet so it | David Gwynne |
2010-07-09 | sending of bulk updates has been very broken since r1.124. | David Gwynne |
2010-05-24 | remove bpfdetach() here, because it is called correctly in if_detach() | David Gwynne |
2010-05-12 | bzero() the full compressed update struct before setting the values. | Claudio Jeker |
2010-04-25 | Properly adjust group demotion counters when groups are added or | Marco Pfatschbacher |
2010-03-23 | Fix a crash in pfsync when running IPSEC. | Pierre-Yves Ritschard |
2010-03-01 | shuffle slightly and add more splassert. | David Gwynne |
2010-02-17 | dont defer broadcast or multicast packets. | David Gwynne |
2010-01-18 | Convert pf debug logging to using log()/addlog(), a single standardised | Ryan Thomas McBride |
2010-01-12 | factor m_pulldown out of the message handlers up into pfsync_input now | David Gwynne |
2010-01-12 | check the new pfsync_subheader len field on input. | David Gwynne |
2010-01-12 | Remove bpfdetach() call right in front of the if_detach() call since | Claudio Jeker |
2010-01-11 | remove some debug code that snuck in somehow. | David Gwynne |
2010-01-10 | replace a pad in the pfsync subheader with a length field. it stores the | David Gwynne |
2009-12-14 | fix sticky-address - by pretty much re-implementing it. still following | Henning Brauer |
2009-12-03 | fix order dependency of pfsync interface setup, with claudio; | Otto Moerbeek |
2009-11-23 | remove the nat_rule pointer on pf_state and pf_pdesc, obsolete after | Henning Brauer |
2009-11-22 | cleanup after the NAT changes. we used to have multiple rulesets (scrub, | Henning Brauer |
2009-11-12 | be paranoid in case the action array changes size (again, grr) | Theo de Raadt |
2009-11-03 | rtables are stacked on rdomains (it is possible to have multiple routing | Claudio Jeker |
2009-09-28 | when inserting a state, turn the error that pf_state_insert returns | David Gwynne |
2009-08-16 | remove prototypes of a bunch of functions that had their implementations | Jonathan Gray |
2009-06-17 | do better detection of when we have a better version of the tcp sequence | David Gwynne |
2009-06-14 | enable support for deferring the packet that creates a state so that your | David Gwynne |
2009-06-12 | rewrite the way states from pfsync are merged into the local state tree | David Gwynne |
2009-06-10 | jj reported a panic in bulk updates to me. this is my attempt to fix the | David Gwynne |
2009-05-13 | dont go splx(s) in the ioctl handler if we havent done splnet(). this adds | David Gwynne |
2009-05-13 | only keep track of the number of updates on tcp connections. state sync on | David Gwynne |
2009-04-15 | move pfsync stale update messages to NOISY level; ok dlg@ henning@ | David Krause |
2009-04-04 | use time_uptime instead of time_second internally. time_uptime isnt | David Gwynne |
2009-03-31 | do not include space in the end of the from for a hmac. after discussion | David Gwynne |
2009-03-23 | wait an appropriate amount of time before giving up on a bulk update, | David Gwynne |
2009-03-17 | we do know how to handle iack. in the rx path at least. | David Gwynne |
2009-03-15 | Introduce splsoftassert(), similar to splassert() but for soft interrupt | Miod Vallat |
2009-03-01 | rework serialisation of messages slightly. | David Gwynne |
2009-03-01 | check pfsyncs IFF_RUNNING flag before doing stuff. should save time for | David Gwynne |
2009-03-01 | i can't see a reason that we'd need to go to splnet to call ip_output. | David Gwynne |
2009-02-26 | bulk updates are sent from a timeout which walks over the state tree and | David Gwynne |
2009-02-24 | restore the parsing of incoming tdb update messages. this was disabled | David Gwynne |
2009-02-24 | request a bulk update when the pfsync if configuration is changed via an | David Gwynne |
2009-02-23 | dont put pfsync packets on the wire if no syncdev is specified. issues | David Gwynne |
2009-02-18 | if a peer requests a state that is marked as NOSYNC, then skip it. | David Gwynne |
2009-02-17 | // style comments shouldnt be in the tree. | David Gwynne |